Google to use return path anti-phishing system

John E Dunn |
Feb. 25, 2011

Google has joined Yahoo, software site Tucows and filtering firm Cloudmark in signing up to use Return Path’s now formally launched Domain Assurance service which the company claims will turn the screw on phishing and brand-hijacking spam.

The service is based on the observation that while the modern email delivery depends on authentication schemes such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), companies have little way of monitoring this across a multitude of domains this in order to spot problems.

In some cases, ISPs might block legitimate email because it has not authenticated properly or not block it because of uncertainty over its status. Into this gap jump spammers looking to use well-known brands - for instance those claiming to be from banks - to send plausible-looking phishing spam.

Enterprises subscribing to Domain Assurance audit their authentication by submitting email server IP addresses and domains to an audit list, which is then checked against failure statistics supplied by ISPs, including now Google.

The companies can view this data using a dashboard, spotting email from their domains which is not being properly authenticated, possibly by a marketing partner, as well as get insight into spoofing problems.

With an audit complete, they can pass back a request to ISPs to block all email that cannot authenticate safe in the knowledge that are not harming their own activities. They also have a clearer idea of which domains need to be taken down.

ISPs such as Google and Yahoo gain from the system even though they do not pay to use it because in the long run their servers and users will, in theory, receive fewer fraudulent emails.

"Currently companies can only react to a phishing attack, Domain Assurance changes the game by blocking phishing emails before they get delivered to the customer mailbox," said Return Path's president, George Bilbrey.

A key issue for the service is scale - the more customers, the better the blocking that can be carried out by ISPs. But it also needs large ISPs because there are what provides data on authentication problems and spoofing. The company currently claims that around 2,500 enterprises use the service.

In fact elements of the service has existed for some years and the formal launch of Domain assurance reflects its confidence that it has now reached a critical mass to offer more integrated services.